Clean up ssl_cipher_list_to_bytes a little.

Still need to convert serializing code to CBB, but the current one is kinda crazy. Change-Id: I00e12a812c815bf01c53a26ccbb7c6727ea8c8fc Reviewed-on: https://boringssl-review.googlesource.com/1840 Reviewed-by: Adam Langley <agl@google.com>
2014-09-29 19:33:09 -04:00 · 2014-09-29 19:33:09 -04:00 · 5491e3fdb7
commit 5491e3fdb7
parent 6a3ecf37da
2 changed files with 17 additions and 37 deletions
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@ -1492,13 +1492,12 @@ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
 	return(buf);
 	}

-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p)
 	{
-	int i;
+	size_t i;
 	const SSL_CIPHER *c;
 	CERT *ct = s->cert;
-	unsigned char *q;
-	int no_scsv = s->renegotiate;
+	uint8_t *q;
 	/* Set disabled masks for this session */
 	ssl_set_client_disabled(s);

@ -1513,41 +1512,22 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
 			c->algorithm_mkey & ct->mask_k ||
 			c->algorithm_auth & ct->mask_a)
 			continue;
-#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
-		if (c->id == SSL3_CK_SCSV)
-			{
-			if (no_scsv)
-				continue;
-			else
-				no_scsv = 1;
-			}
-#endif
 		s2n(ssl3_get_cipher_value(c), p);
 		}
-	/* If p == q, no ciphers and caller indicates an error. Otherwise
-	 * add SCSV if not renegotiating.
-	 */
-	if (p != q)
+	/* If all ciphers were disabled, return the error to the caller. */
+	if (p == q)
 		{
-		if (!no_scsv)
-			{
-			static const SSL_CIPHER scsv =
-				{
-				0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-				};
-			s2n(ssl3_get_cipher_value(&scsv), p);
-#ifdef OPENSSL_RI_DEBUG
-			fprintf(stderr, "SCSV sent by client\n");
-#endif
-			}
-		if (s->fallback_scsv)
-			{
-			static const SSL_CIPHER fallback_scsv =
-				{
-				0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
-				};
-			s2n(ssl3_get_cipher_value(&fallback_scsv), p);
-			}
+		return 0;
+		}
+
+	/* Add SCSVs. */
+	if (!s->renegotiate)
+		{
+		s2n(SSL3_CK_SCSV & 0xffff, p);
+		}
+	if (s->fallback_scsv)
+		{
+		s2n(SSL3_CK_FALLBACK_SCSV & 0xffff, p);
 		}

 	return(p-q);
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@ -804,7 +804,7 @@ int ssl_cipher_id_cmp(const void *in_a, const void *in_b);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER **ap, const SSL_CIPHER **bp);
 STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, const CBS *cbs,
 					       STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p);
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, uint8_t *p);
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
 					     struct ssl_cipher_preference_list_st **pref,
 					     STACK_OF(SSL_CIPHER) **sorted,